Avast fined nearly $15M for GDPR violations


Avast, a Czech multinational cybersecurity software company, has been fined for tracking its users’ journey.

The Office for Personal Data Protection (ÚOOÚ) in the Czech Republic has imposed a fine of approximately $14.8 million on Avast Software for General Data Protection Rules (GDPR) after investigating the company’s Czech branch, Jumpshot, INC.

According to ÚOOÚ, the company processed personal data from Avast antivirus software and browser extensions in 2019 without authorization.

The company transferred the data of 100 million of its users to Jumpshot, a company that marketed itself, among other things, as providing insights into online consumer behavior to third parties.

ÚOOÚ says that Avast misled users. While it claimed to use robust anonymization techniques, at least a portion of data subjects could be reidentified.

"The Office emphasized in its decision that Avast is one of the leading experts in cybersecurity, offering the public tools for data and privacy protection. Its customers could not expect that this very company would be transferring their personal data, or data based on which not only their identity but also, for example, their interests, preferences, residence, financial circumstances, profession, and other privacy-related data could be determined," stated Jiří Kaucký, Chairman of the Office for Personal Data Protection.

Avast told Cybernews it disagrees with the regulator’s decision and characterization of the facts.

“We are assessing our next steps, including further judicial action. Avast has reaffirmed its commitment to keeping its customers’ data safe and private and has continued to take proactive measures to ensure that its privacy practices are a top priority. Avast also maintains active participation in global privacy-first organizations and initiatives,” the company’s spokesperson said.

In February, Avast agreed to pay $16.5 million to settle the Federal Trade Commission’s charges regarding the same matter. Avast ceased Jumpshot operations in 2020 and agreed to stop selling any browsing data for advertising purposes.


More from Cybernews:

Label working with Snoop Dogg and Iggy Azalea faces cyberthreat

Kaiser health plan reveals data breach impacting millions

FBI warns against unregistered cryptocurrency services

New iPads around the corner: what’s in store from Apple’s launch event

Hackers leak World-Check, sanctions, and crimes database

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked